Cheat Engine

[mitosu7410]

I'm new to cheat engine and learning it with using Cemu Emulator.

In Monster Hunter 3 Ultimate, I am trying to find static address for monster's HP.
In this case, the address [r13+rsi+000008B8] has monster's HP.
I figured out r13 is based address so if the value of rsi is fixed it's very easy to find locate HP's address.
However rsi is changing every time I reboot the game.
So I searched address 2FD106F0 and it has three results.
But there are no static address. So I can't figure out what value rsi has every launching the game.

Any clues to solve this issue?
Sorry for my bad English.

1E695D8AB51 - movbe [r13+rsi+000008B8],edx

RAX=00000BE0
RBX=FFFFFFFB
RCX=2FD111C8
RDX=00000B5C
RSI=2FD106F0
RDI=000000FF
RBP=0E232D78
RSP=1E677A10B10
RIP=1E695D8AB5B

Probable base pointer =2FD106F0

1E695D8AB41 - setg byte ptr [rsp+0000028D]
1E695D8AB49 - sete byte ptr [rsp+0000028E]
1E695D8AB51 - movbe [r13+rsi+000008B8],edx
1E695D8AB5B - jns 1E695D8AB7D
1E695D8AB5D - nop dword ptr [rax+00]

Edit:
1.pointer scans did not work. There no results (maybe because Cemu emulator is big endian?)

2.There are lots of examples to find static address and most of them is
["based address" + offset] (like [edx + F8])
However I could not find the examples of the pattern of having 2 registers + offset such as [eax+rsi+000008B8]. I would like to know how to handle of this pattern.

[Bloodybone]

Something that seems to work for me with Cemu is calling "Cemu.memory_getBase" and using that value as the Base Address.

In lua I would then write something like this:
CemuMemoryBase = executeCode(getAddress("Cemu.memory_getBase"),0,2000)

And then the Lua Global "CemuMemoryBase" would hold the Base Address.
You can then take whatever address you have subtact the Base from that, take the Offset and add it to the Table.

Example:
Base = 2FD00000(returned from the function)
Address I have = 2FD106F0
2FD106F0 - 2FD00000 = 106F0(Offset)

I would then add the Address "$CemuMemoryBase+106F0" to the Table

Edit:
I would just add a Script that has to be enabled first which would have something like this inside:

[mitosu7410]

[Dark Byte]

try this:
find the address you're looking for (2FD10F98)
do an unknown initial value scan (big endian type likely)

play until the address changes and find it again (do a second scantab)

e.g: 2FD10FB8

so a difference of 0x20 (32)
go to the tab where you did an unknown initial value scan and scan for increase by 32

repeat until you have a decent idea where the pointer is located

get the offset from the base and apply that to the formula to get the hp address

[base+pointeroffset]=virtual address inside the game
base+that virtual address+small offset you have to calculate=address of hp

[mitosu7410]

[SotiCoto]

I also am desperate for a solution to this problem.

Also I found this thread a few days ago and have had immense difficulty just finding my way back to it... damned search engines.


There are quite a few topics on this and other boards about using CE for MH3U in Cemu... but most of them end either with no reply, or with the question asker vaguely replying that they figured it out themselves and not bothering to explain what they did.

I don't know any Lua script / AoB Scan stuff, and frankly I haven't been able to figure out how it works from looking at (non-working) tables people have already made for Cemu+MH3U.


In my case I'm trying to lock the stamina bar.
I know the offset. That is 648.
The R13 is set every time I boot up Cemu... and the other address changes every time I step out of Moga Village into the wilds...

Presumably I need to figure out how to script something to find the Base address (the R13) and the other address (the one that changes when leaving Moga) and combine them into some aliased variable that I could reference in a pointer... but I can't figure out how to do that.